Chinese hackers steal files from SCADA maker

Military connection suspected.

Telvent, part of French conglomerate Schneider Electric, alerted its customers this month to a breach of its internal firewall and security systems, which it said had led to hackers stealing the project files for one of its most important products.

In a letter sent to Telvent customers, and obtained by noted security commentator Brian Krebs, the company said it was still investigating the issue.

It had "established new procedures to be followed" until the company could remove any vulnerabilities or remaining malware from the attack.

Telvent, which has around 6000 employees in 19 countries around the world, makes supervisory control and data acquisition (SCADA) systems used to secure and manage critical infrastructure for energy companies.

Project files related to Telvent's key product, the OASys SCADA, were stolen in the intrusion.

The system is used to manage smart grid implementations as well as for oil and gas pipeline telemetry and monitoring systems.

A second letter from Telvent to customers affected by the breach listed some of the malware files, domain names and IP addresses used for command and control.

According to Dell Secureworks malware researcher Joe Stewart, the digital fingerprints left behind by the attackers point to a Chinese hacking team known as the "Comment Group".

The "Comment Group" has been dubbed "Byzantine Candour" by US intelligence for its use of HTML comments. It is thought to be connected to China's People's Liberation Army.

Last year, the Comment Group also managed to break into the Diablo Canyon nuclear power plant in California. It stole a mailing list with the addresses of subscribers to a nuclear management newsletter and proceeded to send them emails laden with spyware.
